Privacera Platform master publication

Create Scheme Policies on Privacera Platform
Add User in Default Policy

To create a scheme policy, you first need to add the privacera_service_discovery user to the default privacera_peg policy.

To add the user:

  1. Log in to the Privacera Portal.

  2. Navigate to Access Management > Scheme Policies.

  3. Click the privacera_peg policy.

  4. Click the edit button next to the peg policy.

  5. Under Allow Conditions, search for and select the privacera_service_discovery user in the Select User dropdown list.

Steps to Create Scheme Policies
  1. Log in to the Privacera Portal.

  2. Navigate to Access Management > Scheme Policies.

  3. Under the PEG resource, click the privacera_peg policy.

  4. On the Ranger Service page, click + Add New Policy.

  5. If you want this scheme policy to be in effect for a specific time period, click Add Validity Period in the upper left corner and enter the details.

    The Enabled toggle button allows you to create a policy.

  6. In the Policy Name text box, enter the scheme policy name.

  7. If you want to add a label for the scheme policy, select a label from the Policy Labels dropdown list.

  8. In the Description text box, enter the scheme policy description.

  9. If you do not want audit logs, then turn off the Audit Logging toggle button.

  10. Under Encryption Schemes, select the name of the encryption scheme to which you want to apply the policy. Repeat this for all the required encryption schemes.

  11. Under Presentation Schemes, select the name of the presentation scheme to which you want to apply the policy. Repeat this for all required presentation schemes.

Depending on whether you have decided to allow or deny access, use the fields in Allow Conditions or Deny Conditions and follow the corresponding steps below:

  • Allow Access

    1. Under Allow Conditions, search for and select the privacera_service_discovery user in the Select User dropdown list.

      You can select the names of roles, groups, or users you want to give access to the schemes.

    2. On the right, click Add Permission and specify the permission you want to give.

    3. On the far right, click Delegate Admin if you want the service user to be able to make API endpoints on behalf of the application user.

    4. If you want to deny access to specific roles, groups, or users, under Exclude from Allow Conditions, select those roles, groups, or users you want to exclude.

  • Deny Access

    1. Under Deny Conditions, in the role, group, and user fields, select the names of roles, groups, or users you want to deny access to the schemes.

    2. On the right, click Add Permission and specify the permission you want to deny.

    3. On the far right, click Delegate Admin if you want the service user to be able to make API endpoints on behalf of the application user.

    4. If you want to give access to specific roles, groups, or users, under Exclude from Deny Conditions, select those roles, groups, or users you want to allow.

  • Save your scheme policy.
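
The Allow, Deny and Exclude fields above correspond to Apache Ranger-style policy items. The following added example (not Privacera's code) models how a single policy resolves a request, assuming the standard Ranger order of deny, deny exclusions, allow, allow exclusions, which this page does not state. The scheme name, the permission names and every user or group other than privacera_service_discovery are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Item:
    """One row of a condition block: who it names and which permissions."""
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    perms: set = field(default_factory=set)

    def matches(self, user, user_groups, perm):
        named = user in self.users or bool(self.groups & user_groups)
        return named and perm in self.perms

@dataclass
class SchemePolicy:
    schemes: set                                        # schemes the policy covers
    allow: list = field(default_factory=list)           # Allow Conditions
    allow_exclude: list = field(default_factory=list)   # Exclude from Allow Conditions
    deny: list = field(default_factory=list)            # Deny Conditions
    deny_exclude: list = field(default_factory=list)    # Exclude from Deny Conditions

def evaluate(policy, user, user_groups, scheme, perm):
    """Return 'DENY', 'ALLOW' or 'NO_MATCH' for one request against one policy."""
    if scheme not in policy.schemes:
        return "NO_MATCH"
    hit = lambda items: any(i.matches(user, user_groups, perm) for i in items)
    # Deny is checked first; an exclusion cancels the deny but grants nothing.
    if hit(policy.deny) and not hit(policy.deny_exclude):
        return "DENY"
    # Allow applies unless an Exclude from Allow entry names the caller.
    if hit(policy.allow) and not hit(policy.allow_exclude):
        return "ALLOW"
    return "NO_MATCH"  # this policy grants nothing for the request

# Constructed sample policy; "protect"/"unprotect" are assumed permission names.
POLICY = SchemePolicy(
    schemes={"SSN_SCHEME"},
    allow=[Item(users={"privacera_service_discovery"}, groups={"analysts"},
                perms={"protect", "unprotect"})],
    allow_exclude=[Item(users={"contractor1"}, perms={"unprotect"})],
    deny=[Item(groups={"interns"}, perms={"unprotect"})],
    deny_exclude=[Item(users={"intern_lead"}, perms={"unprotect"})],
)
```

Note that a user listed only under Exclude from Deny Conditions ends up with NO_MATCH, not ALLOW: the exclusion lifts the deny, and access still has to be granted by an allow condition.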